Operational risks relate to losses Triodos Bank could incur as a result of inadequate or failing internal processes, systems, human behaviour or external events. Triodos Bank limits these risks with clear policies, procedures and controls for all business processes. The operational risk framework uses several tools and technologies to identify, measure and monitor those risks and monitors the level of control on an operational, tactical and strategic level. During 2019 the in 2018 formalised control testing and key control management was further implemented to support the monitoring of identified operational risks. Due to a robust risk event management process the Operational Risk Management department is able to perform analyses on a continuous basis.

Operational Risk Management includes Information Security, Outsourcing and Business Continuity. Activities to manage risks related to these subjects are executed under the responsibility of the Chief Risk Officer in line with the operational risk framework.

The Non-Financial Risk Committee where the non-financial risks aspects are discussed including compliance and IT risk, meets on a monthly basis. During 2019 both the group- and local Non-Financial Risk Committee charters were updated in accordance with the review timelines set for these documents.

Triodos Bank applies the Basic Indicator Approach to calculate minimum capital requirements for operational risk.

The operational risk framework follows the principles mentioned in the Sound Practices for the Management and Supervision of Operational Risk. These sound practices provide guidelines for the qualitative implementation of operational risk management and are advised by the Bank of International Settlements. During 2019 no material losses occurred within Triodos Bank as a result of operational risk related events.